Why utilization management may determine who clears the coming audit wave—and who doesn’t.

CMS doesn’t usually announce a philosophical shift. It signals it. And over the past year, the signals have grown louder: tougher scrutiny of utilization management, more rigorous document reviews, and an expectation that payers show—not simply assert—how they operate. The 2026 audit cycle will be the first real test of this new posture.

For health plans, the question is no longer whether they can survive an audit. It’s whether their operations can withstand a level of transparency CMS is poised to demand.

What CMS Is Really Asking for in 2026

Behind every audit protocol lies a single question: Does this plan operate in a way that reliably protects members? Historically, payers could answer that question through narrative explanation—clinical notes, supplemental files, post-hoc clarifications. Those days are ending. CMS wants documentation that stands on its own, without interpretation. Decisions must speak for themselves.

That shift lands hardest in utilization management. A UM case is a dense intersection of clinical judgment, policy interpretation, and regulatory timing. A single inconsistency—a rationale that doesn’t match criteria, a letter that doesn’t reflect the case file, a clock mismanaged by a manual workflow—can overshadow an otherwise correct decision.

The emerging audit philosophy is clear: If the documentation doesn’t prove the decision, CMS assumes the decision cannot be trusted.

Where the System Breaks: UM as the Audit Pressure Point

Auditors are increasingly zeroing in on UM because it sits at the exact point where member impact is felt: the determination of whether care moves forward. And yet the UM environment inside most plans is astonishingly fragile.

Case files exist across platforms. Reviewer notes vary widely in depth and style. Criteria are applied consistently in theory but documented inconsistently in practice. Timeframes live in spreadsheets or side systems. Letter templates multiply to meet state and line-of-business requirements, and each variation introduces new chances for error.

Delegated entities add another degree of variation. AI tools introduce sophistication—but also opacity. And UM letters, already the last mile, turn into the site of the most findings. The audit findings from recent years reveal the same weak points over and over: documentation mismatches, missing citations, unclear rationales, inadequate notice language, or timing failures that stem not from malice but from operational drift.

CMS sees all of this as symptomatic of one problem: fragmentation.

Why CMS’s New Expectations Make Sense—Even If They Hurt

To CMS, consistency is fairness. If two reviewers evaluating the same procedure cannot produce the same rationale, use the same criteria, or generate the same clarity in their letters, then members cannot rely on the decisions they receive. From the regulator’s perspective, this isn’t about paperwork—it’s about equity. Documentation is the proof that similar members receive similar decisions under similar circumstances.

Health plans know this in theory. But the internal pressures—volume, staffing variability, outdated systems, multiple point solutions, off-platform decisions, peer-to-peer nuances—make uniformity nearly impossible. CMS’s response is simple: Technical difficulty is not an excuse. Variation is a governance failure.

This is why the agency is preparing to scrutinize AI tools with the same rigor as human reviewers. Automation that produces variable results, or outputs that do not exactly match the case file, is no different from human inconsistency.

CMS is not anti-AI. It is anti-opaque-AI.

What an Audit-Ready UM Operation Actually Looks Like

Plans that will succeed in 2026 are building something different: a coherent operating system that eliminates guesswork. In these models, the case file becomes a single source of truth. Clinical summaries, criteria references, rationales, and letter text are drawn from the same structured data—so the letter is a natural extension of the decision, not a separate narrative created afterward.

Delegated entities operate under unified templates, shared quality rules, and real-time oversight rather than annual check-ins. AI is governed like a medical policy: with defined behaviour, monitoring, version control, and auditable outputs. And timeframes are treated with claims-like precision, not as deadlines managed by human vigilance.

This is not just modernization—it is a philosophical shift. A move from “reviewers record what happened” to “the system records what is true.”

Preparing for 2026 Starts in 2025

The path forward isn’t mysterious; it’s disciplined. Plans need to invest the next year in cleaning up documentation, consolidating UM data flows, reducing template drift, tightening delegation oversight, and putting governance around every automated tool in the UM pipeline. The plans that do this will walk into audits with confidence. The plans that don’t will rely on explanations CMS is increasingly unwilling to accept.

The Bottom Line

The 2026 CMS audit cycle isn’t a compliance event—it’s an operational reckoning. CMS is asking payers to demonstrate integrity, not describe it. And utilization management will be the proving ground. The strongest plans are already acting. The others will be forced to.

At Mizzeto, we help health plans build the documentation, automation, and governance foundation needed for a world where every UM decision must be instantly explainable. Because in the next audit cycle, clarity isn’t optional—it’s compliance.

‍

In the age of AI-driven utilization management (UM), one paper trail still refuses to move at the speed of automation: the UM letter.

Whether it’s an approval, denial, or request for additional information, these letters remain the last mile of every UM decision, and too often, the slowest. Despite sophisticated review platforms and integrated medical policy engines, many health plans still rely on legacy templates, fragmented data sources, and manual QA loops to generate what regulators consider a fundamental compliance artifact. UM letters are not just a formality; they are a legal requirement. Under CMS rules, plans must issue timely, adequate notice of adverse benefit determinations, explaining both the rationale and appeal rights to members.

The irony is hard to miss: while decisions are made in seconds, the documentation that justifies them can take days.

The Real Question Behind the Delay

The issue isn’t simply that UM letters take time. It’s why they take time, and what that delay reveals about deeper system inefficiencies.

For health plans, the question isn’t “How can we make letters faster?” It’s “Why are they so hard to get right in the first place?”

A single UM letter must synthesize clinical reasoning, regulatory precision, and plain-language clarity all aligned with CMS, NCQA, and state-specific notice requirements. The challenge is not in the writing, but in orchestrating inputs from multiple systems: clinical review notes, policy citations, benefit text, and provider data.

When those inputs don’t talk to each other, letter generation becomes a bottleneck that slows down turnaround times, increases error risk, and erodes member trust.

Why Templates Must Meet More Than Just Style

UM letter templates are not just administrative artifacts; they are regulatory documents. Under Centers for Medicare & Medicaid Services (CMS) rules, letters providing notice of adverse benefit determinations must meet detailed content and timing standards. For example, the regulation at 42 CFR § 438.404 mandates that notices be in writing and explain the reasons for denial, reference the medical necessity criteria or other processes used, provide the enrollee’s rights to copies of evidence and appeal, and outline procedures for expedited review.¹

In practice, this means letter templates must include:

• A clear description of the decision and the specific denial reason,

• The criteria or protocol relied upon (with member access to it free of charge),

• Instructions on how to appeal (standard and expedited),

• Rights to benefits continuation pending appeal under defined circumstances.²

Failure to incorporate these elements or to issue the notice within required timeframes can expose plans to audit findings, grievances, and regulatory penalties. The tighter the regulatory lens becomes, the less room there is for “good enough” templates. Each health plan must view letter-generation not as a clerical task but as a compliance checkpoint. And beyond the regulatory content itself, many programs require that UM notices be written in plain, accessible language at the 6^th-8^th grade level, to ensure members can understand their rights and the basis for a decision.

Five Friction Points Inside UM Letter Workflows

Every health plan faces variations of the same problem, but the underlying breakdowns tend to cluster around five recurring fault lines:

1. Fragmented Data Sources
   Critical information lives in multiple systems. UM platforms, claims engines, and policy libraries. Each transfer adds latency and the potential for mismatch.

2. Template Explosion
   Over time, teams accumulate hundreds of letter templates to meet overlapping state and product requirements. Maintaining these manually makes even minor updates a compliance risk.

3. Human Review Dependency
   Because UM letters must be clinically and legally precise, most organizations rely on multiple layers of human QA. That review process, while necessary, often adds 24–48 hours to turnaround.

4. Regulatory Complexity
   CMS and state requirements around adverse determination language, appeal rights, and timing create constant moving targets. Even small wording deviations can trigger audit findings.³

5. Technology Gaps
   Many UM systems weren’t designed for dynamic document assembly. Integrating clinical rationale, structured data, and plain-language output requires middleware or manual intervention.

Each of these friction points compounds the next, creating a cycle of rework, delay, and compliance exposure even in otherwise modernized UM environments.

Connecting the Dots: What the Delay Really Costs

The operational burden of slow UM letters goes far beyond staff productivity. It directly affects regulatory performance, provider satisfaction, and member experience.

Delayed or inconsistent notices can:

• Violate CMS and NCQA timeliness standards, exposing plans to corrective action.⁴

• Create confusion for providers awaiting determinations, delaying care coordination.

• Generate avoidable grievances and appeals, further burdening UM teams.

The cost is not just administrative, it’s reputational. Every late or unclear letter represents a breakdown in transparency at the very point where payers are most visible to members and regulators alike.⁵

Building a Smarter Letter Ecosystem

Leading plans are tackling the problem not with more templates, but with smarter orchestration.

The most effective UM letter modernization strategies share three principles:

• Structured Input, Dynamic Output: Capture decision data in structured fields early in the UM process so letters can be assembled automatically with consistent language and logic.

• Governance-Driven Templates: Centralize letter libraries under compliance governance, ensuring real-time updates to regulatory text and benefit language.

• Human-in-the-Loop Automation: Use AI-assisted generation to draft letters but retain clinical reviewer oversight for rationale and tone.

The goal isn’t to remove people, it’s to remove friction. Automation should serve precision, not replace it.

When designed correctly, next-generation letter systems can cut turnaround time by 50–70%, reduce rework, and strengthen audit readiness while making communications clearer for both providers and members.

The Bottom Line

UM letters may seem administrative, but they are where compliance, communication, and care converge. If denials are the visible output of your UM program, letters are the proof of its integrity.

For payers, the question isn’t whether letters can be automated, it’s whether they can be governed with the same rigor as the decisions they document.

At Mizzeto, we help health plans modernize UM letter workflows, integrating automation, policy governance, and compliance intelligence into one seamless ecosystem.  

‍

‍

SOURCES

1. 42 CFR & 438.404 - Timely and Adequate Notice of Adverse Benefit Determination
2. Medicaid Managed Care State Guide
3. CMS Coverage Appeals Job Aid
4. Utilization Management Accreditation - A Quality Improvement Framework
5. Denials & Appeals in Medicaid Managed Care

In utilization management (UM), few metrics speak louder—or cut deeper—than overturn rates. When a significant share of denied claims are later approved on appeal, it’s rarely just about an individual decision. It’s a reflection of something bigger: inconsistent policy interpretation, reviewer variability, documentation breakdowns, or outdated clinical criteria.

Regulators have taken notice. CMS and NCQA increasingly treat appeal outcomes as a diagnostic lens into whether a payer’s UM program is both fair and clinically grounded.¹ High overturn rates now raise questions not just about accuracy, but about governance.

In Medicare Advantage alone, more than 80 % of appealed denials were overturned in 2023 — a statistic that underscores how often first-pass decisions fail to hold up under scrutiny.² The smartest health plans have started to listen. They’re treating appeals not as administrative noise—but as signals.

What Overturned Denials Are Really Saying

Every overturned denial tells a story. It asks, implicitly: Was the original UM decision appropriate, consistent, and well-supported?

Patterns in appeal outcomes can expose weaknesses that internal audits often miss. For example:

• Repeated overturns for a single service category often signal misaligned or outdated policies.

• Overturns concentrated among certain reviewers may point to training or workflow inconsistencies.

• Successful appeals after peer-to-peer discussions often reveal documentation or communication gaps between provider and plan.

These trends mirror national data showing that many initial denials are overturned once additional clinical details are provided, highlighting communication—not medical necessity—as the core failure.³ The takeaway is simple but powerful: Appeal data is feedback—from providers, from regulators, and from your own operations—about how well your UM program is working in the real world.

The Systemic Signals Behind High Overturn Rates

When you look beyond the surface, overturned denials trace back to five systemic fault lines common across payer organizations:

1. Policy Rigor vs. Flexibility
   Medical necessity criteria must balance evidence-based precision with real-world adaptability. Policies written without clinical nuance—or not updated frequently enough—tend to generate denials that can’t stand up under appeal.

2. Reviewer Variability
   Even with clear policies, human interpretation introduces inconsistency. Differences in specialty expertise, decision fatigue, or tool usage can lead to unpredictable outcomes.

3. Provider Documentation Gaps
   Many initial denials are simply the result of incomplete records. When appeals are approved after additional information surfaces, the problem isn’t inappropriate care—it’s communication failure.

4. Operational Friction
   Lag times between intake, review, and notification can distort first-pass decisions. Data fragmentation between UM, claims, and provider portals compounds the issue.

5. Weak Feedback Governance
   Too often, appeal outcomes are logged but not analyzed. Mature UM programs close the loop—using overturned denials to retrain reviewers, refine policies, and target provider outreach.

Federal oversight agencies have long flagged this issue: an OIG review found that Medicare Advantage plans overturned roughly three-quarters of their own prior authorization denials, suggesting systemic review flaws and weak first-pass decision integrity.⁴

Turning Appeals into a Feedback Engine

Leading payers are reframing appeals from a reactive function to a proactive improvement system.
They’re building analytics that transform overturn data into actionable intelligence:

• Policy Calibration: Tracking which criteria most often lead to successful appeals reveals where policies may be too restrictive or outdated.

• Reviewer Performance: Overlaying overturn trends with reviewer data helps identify where training or peer review support is needed.

• Provider Partnership: By sharing de-identified appeal insights, plans can help provider groups strengthen documentation and pre-service submissions.

• Regulatory Readiness: Demonstrating a closed-loop feedback process strengthens NCQA compliance and positions the plan as an adaptive, learning organization.

This approach turns what was once a compliance burden into a continuous-learning advantage.

From Reversal to Reform

High overturn rates are not just a symptom—they’re an opportunity. Each reversed denial offers a data point that, aggregated and analyzed, can make UM programs more consistent, more transparent, and more clinically aligned.

The goal isn’t to eliminate appeals. It’s to make sure every appeal teaches the organization something useful—about process integrity, provider behavior, and the evolution of clinical practice.

When health plans start to see appeals as mirrors rather than metrics, UM stops being a gatekeeping exercise and becomes a governance discipline.

The Bottom Line

Overturned denials aren’t administrative noise—they’re operational intelligence. They show where your policies, people, and processes are misaligned, and where trust between payer and provider is breaking down.

For forward-thinking plans, this is the moment to reimagine UM as a learning system.
At Mizzeto, we help health plans turn appeal data into strategic insight—linking overturned-denial analytics to reviewer training, policy governance, and compliance reporting. Because in utilization management, every reversal has a lesson—and the best programs are the ones that listen.

SOURCES ‍

1. National Committee for Quality Assurance (NCQA). Overview of Proposed Updates to Utilization Management Accreditation 2026
2. Kaiser Family Foundation (KFF). “Nearly 50 Million Prior Authorization Requests Were Sent to Medicare Advantage Insurers in 2023"
3. American Medical Association (AMA). “Prior Authorization Denials Up Big in Medicare Advantage"
4. U.S. Department of Health & Human Services, Office of Inspector General (OIG). Some Medicare Advantage Organization Denials of Prior Authorization Requests Raise Concerns About Beneficiary Access to Medically Necessary Care

‍

Not all intelligence is created equal. As health plans race to integrate large language models (LLMs) into clinical documentation, prior authorization, and member servicing, a deceptively simple question looms: Which model actually works best for healthcare?

The answer isn’t about which LLM is newest or largest — it’s about which one is most aligned to the realities of regulated, data-sensitive environments. For payers and providers, the right model must do more than generate text. It must reason within rules, protect privacy, and perform reliably under the weight of medical nuance

Understanding the Core Question

For payers and providers alike, the decision isn’t simply “which LLM performs best,” but “which model can operate safely within healthcare’s regulatory, ethical, and operational constraints.”

Healthcare data is complex — part clinical, part administrative, and deeply contextual. General-purpose LLMs like GPT-4, Claude 3, and Gemini Ultra excel in reasoning and summarization, but their performance on domain-specific medical content still requires rigorous evaluation.¹ Meanwhile, emerging healthcare-trained models such as Med-PaLM 2, LLaMA-Med, and BioGPT promise higher clinical accuracy — yet raise questions about transparency, dataset provenance, and deployment control.

Analyzing the Factors That Matter

Evaluating an LLM for healthcare use comes down to five dimensions:

1. Data Security and Privacy: Models must support on-premise or private cloud deployment, with PHI never leaving the payer’s-controlled environment.

2. Domain Adaptation: Can the model be fine-tuned or context-trained on medical ontologies, payer workflows, or prior authorization rules?

3. Explainability: Does it provide confidence scores, citations, or audit logs for generated content — essential for regulatory defense and trust?

4. Integration Readiness: Can it interact with existing data ecosystems like QNXT, HealthEdge, or EPIC via APIs or orchestration layers?

5. Cost and Scalability: Beyond performance, can it operate efficiently at enterprise scale without prohibitive inference costs?

The Case for General-Purpose Models

Models like OpenAI’s GPT-4 and Anthropic’s Claude 3 dominate enterprise use because of their versatility, mature APIs, and strong compliance track records. GPT-4, for instance, underpins several FDA-compliant tools for clinical documentation and prior authorization automation.²

Advantages include:

• Maturity and security: Vendors offer HIPAA-aligned enterprise environments, audit trails, and SOC-2 compliance.

• Cross-domain adaptability: They integrate easily across payer workflows — intake, summarization, or correspondence.

• Rapid iteration: Frequent updates and strong partner ecosystems reduce implementation lag.

But there are caveats. General models sometimes “hallucinate” clinical or regulatory facts, especially when interpreting EHR data. Without domain fine-tuning or strong prompt governance, output quality can drift.

The Case for Healthcare-Specific LLMs

A growing ecosystem of medical-domain LLMs is changing the landscape. Google’s Med-PaLM 2 demonstrated near-clinician accuracy on the MedQA benchmark, outperforming GPT-4 in structured reasoning about medical questions. Open-source options like BioGPT (Microsoft) and ClinicalCamel are being tested for biomedical text mining and claims coding support.

Advantages include:

• Higher clinical grounding: Trained on PubMed, clinical guidelines, and biomedical literature.

• Explainability: Some models provide citation-based reasoning or evidence chains.

• On-premise deployability: Open-source variants allow PHI-safe environments.

Yet, the trade-offs are real:

• Limited generalization: These models can underperform on administrative or financial text.

• Resource demands: Fine-tuning and maintenance require specialized infrastructure and talent.

• Regulatory uncertainty: Validation for real-world payer use remains early-stage.

Synthesizing the Middle Ground

The emerging consensus is hybridization. Many payers and health systems are adopting dual-model architectures:

• A general-purpose model (e.g., GPT or Claude) for summarization, knowledge extraction, and conversational interfaces.³

• A domain-specific, internally governed model (often LLaMA or Mistral–based) for compliance-sensitive tasks involving PHI, clinical logic, or audit documentation.

This “governed ensemble” strategy balances innovation and oversight — leveraging the cognitive power of frontier models while preserving control where it matters most.

The key isn’t picking a single best model. It’s building the right model governance stack — version control, prompt audit trails, human-in-the-loop review, and strict access controls. Healthcare’s best LLM is not the one that knows the most, but the one that knows its limits.

The Bottom Line

Choosing an LLM for healthcare isn’t a procurement exercise — it’s a governance decision. Plans should evaluate models the way they would evaluate clinical interventions: by evidence, reliability, and risk tolerance.

The best LLMs for healthcare are those that combine precision, provenance, and privacy — not those that simply perform best in general benchmarks. Success lies in orchestrating intelligence responsibly, not in adopting it blindly.

At Mizzeto, we help payers design AI ecosystems that strike this balance. Our frameworks support multi-model orchestration, secure deployment, and audit-ready oversight — enabling health plans to innovate confidently without compromising compliance or control. Because in healthcare, intelligence isn’t just about what a model can say — it’s about what a plan can trust.

‍

‍

SOURCES

1. Assessing the use of the novel tool Claude 3 in comparison to ChatGPT 4.0
2. Use of GPT-4 to analyze medical records of patients with extensive investigations and delayed diagnosis
3. Benefits, Limits, and Risks of GPT-4 as an AI Chatbot for Medicine